This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xiaomi Pro 13 smartphones. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2023-26322.
et-6.2.8-1.fc38
Update to 6.2.8, fixing CVE-2022-48257 and CVE-2022-48258
Unbundle cpp-httlib, fixing CVE-2023-26130
et-6.2.8-1.el9
Update to 6.2.8, fixing CVE-2022-48257 and CVE-2022-48258
et-6.2.8-1.fc40
Update to 6.2.8, fixing CVE-2022-48257 and CVE-2022-48258
Unbundle cpp-httlib, fixing CVE-2023-26130
et-6.2.8-1.fc39
Update to 6.2.8, fixing CVE-2022-48257 and CVE-2022-48258
Unbundle cpp-httlib, fixing CVE-2023-26130
George-Andrei Iosif and David Fernandez Gonzalez discovered that Gerbv did
not properly initialize a data structure when parsing certain nested
RS-274X format files. If a user were tricked into opening a specially
crafted file, an attacker could possibly use this issue to cause a denial
of service (application crash).
Multiple vulnerabilities have been discovered in Google Chrome, which could allow for arbitrary code execution. Successful exploitation of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
R-4.3.3-2.fc39
Security fix for CVE-2024-27322
R-4.3.3-2.fc38
Security fix for CVE-2024-27322
Lonial Con discovered that the netfilter subsystem in the Linux kernel
contained a memory leak when handling certain element flush operations. A
local attacker could use this to expose sensitive information (kernel
memory).(CVE-2023-4569)
Xingyuan Mo discovered that the netfilter subsystem in the Linux kernel did
not properly handle inactive elements in its PIPAPO data structure, leading
to a use-after-free vulnerability. A local attacker could use this to cause
a denial of service (system crash) or possibly execute arbitrary code.(CVE-2023-6817)
It was discovered that a race condition existed in the AppleTalk networking
subsystem of the Linux kernel, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code.(CVE-2023-51781)
Kevin Rich discovered that the netfilter subsystem in the Linux kernel did
not properly check deactivated elements in certain situations, leading to a
use-after-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.(CVE-2024-0193)
Lonial Con discovered that the netfilter subsystem in the Linux kernel did
not properly handle element deactivation in certain cases, leading to a
use-after-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.(CVE-2024-1085)
Notselwyn discovered that the netfilter subsystem in the Linux kernel did
not properly handle verdict parameters in certain cases, leading to a use-
after-free vulnerability. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code.(CVE-2024-1086)
In the Linux kernel, the following vulnerability has been
resolved: net: qualcomm: rmnet: fix global oob in rmnet_policy The variable
rmnet_link_ops assign a *bigger* maxtype which leads to a global out-of-
bounds read when parsing the netlink attributes. (CVE-2024-26597)
